Privacy Policy

This Privacy Policy describes how Shipr (“we”, “us”, “our”) collects, uses, stores, and protects your information when you use the Shipr platform at shipr.club.

1. Information We Collect

We collect the following types of information:

• Account information: Email address, name, and profile details provided during signup or via third-party authentication (GitHub, Google).
• Project data: Ideas, plans, requirements, and generated code you create within Shipr.
• Usage data: Pages visited, features used, session duration, and interaction patterns to improve the service.
• Device data: Browser type, operating system, screen resolution, and IP address for security and analytics.

2. Third-Party Integrations

When you connect third-party services, we store OAuth tokens securely to access those services on your behalf:

• GitHub: Repository access for pushing generated code. We request the minimum scopes needed.
• Vercel: Deployment access for publishing your generated applications.
• Supabase: Database provisioning for projects that require backend storage.
• Stripe: Payment processing for subscriptions. We do not store your credit card details — Stripe handles this directly.

You can disconnect any integration at any time from your account settings. Disconnecting revokes our access tokens.

3. How We Use Your Information

• Provide, operate, and maintain the Shipr platform.
• Generate project plans, code, and deployments based on your inputs.
• Send transactional emails (account verification, password resets, billing receipts).
• Analyse usage patterns to improve features, fix bugs, and optimize performance.
• Detect and prevent fraud, abuse, and security threats.

We do not sell your personal data to third parties. We do not use your project data to train AI models.

4. Analytics

We use PostHog for product analytics. PostHog collects anonymised usage data to help us understand how the platform is used. You can opt out of analytics tracking in your account settings.

5. AI and Language Models

Shipr uses third-party AI providers (Anthropic, Google, OpenAI) to power planning and code generation. Your project inputs are sent to these providers to generate outputs. We do not permit these providers to use your data for model training. Refer to each provider's data processing terms for details.

6. Data Storage and Security

• Data is stored on servers in the United States (via Supabase and Vercel).
• All data is encrypted in transit (TLS) and at rest.
• OAuth tokens are encrypted before storage.
• We follow industry-standard security practices including regular dependency audits, least-privilege access controls, and rate limiting.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and project data within 30 days. Some anonymised usage data may be retained for analytics purposes.

8. Your Rights

You have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and associated data.
• Export your project data.
• Opt out of analytics tracking.

To exercise any of these rights, contact us at support@shipr.club.

9. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (PostHog) to understand usage patterns. We do not use advertising or third-party tracking cookies.

10. Children's Privacy

Shipr is not intended for users under 16 years of age. We do not knowingly collect personal data from children.

11. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or through a notice on the platform. Continued use of Shipr after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy, contact us at support@shipr.club.